Copy protection has received greater attention in the computer software industry. One approach is to use a nonstandard disk format for recording the program of real interest. Standard copying programs can only read or write data in standard format, making copying of this program impossible. While this approach prevents standard copy programs from copying the disk, an adversary can always make a bit for bit copy of the disk which will be executable by the computer.
Another approach to copy protecting computer programs is to put a small pin hole or other defect at a particular spot on the disk. The program being sold avoids using this ruined portion of the disk, but checks to make sure that that portion of the disk is, in fact, ruined. If it is ruined, the program continues its normal execution. If it is not ruined, then the program stops execution. Even a bit for bit copy of the program onto a new disk will not execute properly because there is hidden information on the disk—which part is ruined—which must be copied if the program is to execute properly.
An adversary can overcome this copy protection by one of two methods. First, he can determine which portion of the disk is checked and make sure it is ruined on the copy. Or, he can delete the part of the program which checks for the ruined portion of the disk. This produces a slightly shorter program which does everything of value to the user that the original program did, but this new version of the program can be copied without any special effort and used on all other base units without further modification to the program or the other base unit.
Another approach to copy protecting computer programs is to require a special piece of hardware to be attached to the computer that the end user software application can sense and/or to communicate with.
An adversary can overcome this copy protection by creating/pirating the special piece of hardware along with pirating the intended software application. Another disadvantage of this approach is that the special hardware adds to the overall cost to the end user. In addition, it is bothersome to the end user to be attaching or unattaching things to the computer, and also just keeping track of the devices for attachment, if there is more than one software application that has its own hardware piece for attachment.
Another approach to copy protecting computer programs is to require one or more communications over a network such as the internet, when the protection software senses it can communicate over the network, to verify that the running program is not pirated. If the said communication exists, a number of schemes based on communication with an external verification authority can be employed. One method includes, for example, monitoring software using encryption including digital signatures/certificates, which includes generating a key based on computer-specific information of a computer on which the software is installed and using the key to encrypt an authorization code which enables use of the software on the computer.
An adversary can overcome this copy protection by several methods. Many software programs simply do not need to attach to a communications network in order to run, so pirated software can run just fine on stand alone computers. Or, the pirate can simply remove the software that checks for attachment to the communications network. A rather simple way to circumvent this copy protection scheme is to change the port number with which the communications code is attempted. Most home computers get on the internet over a certain standardized address, called a port. A pirate can simply change the code in the spot where the port number can be specified. Communication will then be attempted over a port that does not work. An adversary can then create as many copies of the altered software as desired. Since the pirated software would then never succeed in attaching to the internet, it will never check to see if it is pirated software, and no external entity would therefore be able to check for it either.
Another approach to copy protecting computer programs is to have a manufacturer provide each customer for its program with two versions: the regular version is in a sealed envelope, the opening of which would constitute a purchase, and a degraded version, which only allow up to, say, 50 records per file for an application that needs to keep certain records per file. Within a 30 day trial period, the manufacturer allows the customer to return the regular version in its sealed envelope for a refund. This way, the customer can experiment with the degraded version to determine if he wants the full package.
One problem with such a scheme is that there is no copy protection, so that one dishonest customer can make as may copies as he wants of the regular version and give or sell them to acquaintances with similar base units—computers. These acquaintances can in turn give or sell copies to their acquaintances, etc. It may also be desirable for the customer to experiment with a full version of the program because certain customer-needed characteristics of the program perhaps can only be experienced with the full program, such as more than the said 50 records of the given example.
Another approach to copy protecting computer programs is a variation of the old public/private key idea. The idea is to simply utilize some information, say, a unique character string internal to the program, to be matched. The user would be communicated that same string externally upon purchase; and upon entering the string during the installation phase, there would be an internal/external match which would then permit the software to install. Variations of this are to have more than one such string internal to the program so that more than one code could be externally entered for matching. Another variation would be to have an internal string such that only a certain number of the characters in it need to match, or some other scheme whereby a sufficiency of matching is obtained.
The problem with all such variations is that again, only a single matched key for a copy of the software needs to be known, from which a software pirate can make as many copies as desired. This is also true of any scheme that is based upon the software application having a unique identification code for each authentic copy of such software application, whether such key or keys are embedded within the application or not.
Another idea for protecting software is fear of prosecution. If a copy of a software application were pirated, then the culprit could be found by tracing back the private key, if that were part of the matching keys antipiracy scheme used, or one or more unique strings/keys, if that were the antipiracy scheme used, to the original user who revealed them. Fear of prosecution might discourage many users from revealing the private keys or strings.
Unfortunately a pirate would probably not pirate his own copy of a program. He would ordinarily steal it, or provide fake identification when purchasing the original copy. Prosecuting a pirate based upon finding the source of the original pirated copy may not even be possible because a software program can be stolen from an unsuspecting victim. Even if it were proven that the original source person was in conspiracy with the pirates, prosecution may be very expensive. A small software company may not be able to afford it.
Another approach to copy protecting computer programs is biometric based method for software distribution. For example, personal fingerprint information can be embedded into the software application at the time of purchase. With each use the user can use a device to enter his finger into, with the results being communicated to the software application for a match, allowing the software application to be run. There can also be some sort of central authority to check biometric information.
One problem with biometric schemes is that gathering the biometric data for each purchaser is not currently feasible. Also, gathering the biometric data for a purchaser would be time consuming and expensive. Embedding the biometric data into the software is also time consuming. As for a central authority keeping biometric data, that is too personal. People do not like other people having their biometric data whether it were people in a company or people in a government office. This is yet one more difficulty with the biometric scheme.
Another approach to copy protecting computer programs is to simply generate a group of character sets for actuation codes that are both never repeating within a certain period of time and difficult to guess.
An adversary can overcome this copy protection because again once a character set is found out for a particular copy of a software application, say, by viewing the code using a binary to hex editor, a pirate can create as many copies of the software application as desired and pass along the same needed character set to each unauthorized user.
It is very difficult, if not impossible, to allow more than one machine to use the same copy of an application code and yet be reasonably sure that the application code is not being pirated. This is certainly true of each of the schemes discussed so far. On the other hand software applications would be more appealing to purchasers if the purchasers knew they could legally install the same copy of the software application on all of the machines they have in their home, and yet inhibit the spread of illegal copies to other people's machines. The author of this patent application knows of no antipiracy scheme that addresses this concern, other than the current invention itself.
Another approach to copy protecting computer programs is to use some form of cryptography. There can be a lot of random and pseudo-random characters in what are called keys. The keys are used to decipher encrypted information. The use of randomness or pseudo-randomness in the decryption scheme to provide a level of security to the scheme was known to be used in cipher machines since the 1920s, most famously by Nazi Germany before and during World War II with their Enigma machine. Modern forms of public/private key encryption techniques are based on the paper New Directions in Cryptography by Whitfield Diffie and Martin Hellman, 1976, as seen in the periodical IEEE Transactions on Information Theory, all using random and/or pseudo random characters/keys. There are many variations on the techniques.
The biggest problem a cryptography based antipiracy scheme is that, once a key is deciphered, it will always be available. It only takes a single known private key for a copy of a program to be known. From then on any amount of copies of that copy can be made, all using the same public/private key pair. This is true of any type of key no matter how many random or pseudo-random characters are used in a key.
Cryptography is a primary basis for this invention. However, cryptography is only one of the parts of this overall invention. To circumvent the antipiracy measures and distribute installable copies, one must know more than just the key for the copy, as will be explained in the detailed explanation section of this invention. For now, the specific old cryptographic ideas that this invention uses will be described.
A primary basis of this invention is the invention in 1914 by Gilbert Sanford Vernam. The Vernam system used random characters to disguise letters and numbers. Gilbert Vernam's Cipher Machine worked like an ordinary teletypewriter except that it used three paper tapes instead of just one. On the first tape, the sender would type a message in the form of holes and spaces. On the second tape, the sender would type random characters. Vernam's Cipher Machine would then work to combine the holes and spaces of the message tape with the holes and spaces of the random-character tape using a special addition called Modulo-2. This action produced the third tape containing the enciphered message (cipher), which was absolutely unbreakable. The cipher would then be transmitted securely to a receiving teletypewriter and saved on a paper tape.
Later in history, during WWII, the Germans used the same principle with a single notepad, and is more indicative of how this invention utilizes encryption. A German diplomat wanting to encipher a message would write his message above a line of random numbers on a page of his pad. Then, for each letter of his message, he would count forward in the alphabet the number of letters indicated by the number under it. He would write the new letters below the numbers. The new letters would be the enciphered message, or simply the cipher.
Diplomats receiving the cipher would write the letters of the cipher above an identical line of random numbers on identical pages of their pads. Then, for each letter of the cipher, they would count backward in the alphabet the number of letters indicated under it. Finally, they would write the new letters below the numbers. The new letters would be the original message. After a message was ciphered and deciphered, that page of the pad would be discarded. Each page was used only once so as not to create a repetitive pattern that a skilled enemy cryptologist might detect. Hence, this system came to be called the one-time pad.
The later WWII Lorenz Cipher Machine is based on the same Vernam system. It used pseudo random instead of truly random characters because, being mechanical, it could not produce all possible combinations of characters. The Lorenz Cipher Machine worked on the same principle as Vernam's machine's enciphering with random characters using the same modulo-2 addition as Vernam's machine, then transmitting the cipher to a receiving machine, which would decipher the cipher in the same way with identical random characters; but rather than the operator typing them onto paper tape as he did on Vernam's machine, the Lorenz operator would manually set 501 finger switches on twelve steel rotors.
The primary ideas this invention uses from the Vernam and Lorenz systems are:                The disguising of characters with other characters, and reversing it to get back the original information.        Having the disguising characters be chosen randomly, or pseudo randomly.        Allowing only the sender and the receiver to have the deciphering equipment, the equipment being the pad with numbers and a pencil in the case of WWII diplomats, which liken to the current invention's computers with their unique random and pseudo random tables and strings.        In this invention the deciphering information of the Lorenz finger switches and rotors is contained instead within characters, strings of characters, and also tables of information of differing types, within computer memory.        